Splunk Enterprise Security

Why am I unable to match the 1st Dropdown List going to 2nd DropDown list using XML coding?

atulod1
New Member

Hi

I would like to ask for help regarding how to match the first dropdown list to the 2nd dropdown list. Here the below is my XML coding.

Payment Requirements -Customed Dashboard

<input type="dropdown" token="tokServer" searchWhenChanged="True">
  <label>Organization Environment</label>
  <fieldForLabel>ServerEnvironment</fieldForLabel>
  <fieldForValue>ServerEnvironment</fieldForValue>
  <search>
    <query>
    | inputlookup server_mapping_list.csv | field ServerEnviroment | dedup ServerEnviroment 

    </query>
     <earliest>-24@h</earliest>
     <latest>now</latest>
     </search>
     <choice value="ServerEnv1"> ServerEnv1</choice>
     <choice value="ServerEnv2"> ServerEnv2</choice>
     <choice value="ServerEnv3"> ServerEnv3</choice>
     <choice value=" ServerEnv4"> ServerEnv4</choice>
     <choice value="ServerEnv5"> ServerEnv5</choice>
      </input>
<input type="dropdown" token="tokPCI" searchWhenChanged="True">
  <label>PCI Requirements</label>
  <fieldForLabel>PCIReq10</fieldForLabel>
  <fieldForValue>PCIReq10</fieldForValue>
  <search>
    <query>
     | inputlookup server_mapping_list.csv | sort  ServerEnviroment ="$tokServer$"
     | makemv delim="," PCIReq10| mvexpand PCIReq10 | table PCIReq10 
      </query>
      <earliest>-24@h</earliest>
    <latest>now</latest>
  </search>
</input>

Here is inputlookup that I created (server_mapping_list.csv)

PCIReq10                    ServerEnvironment
10.2.2                          ServerEnv2, ServerEnv5
10.2.2(SQ01)        ServerEnv3
10.2.2(SQ03)        ServerEnv3
10.2.3          ServerEnv1, ServerEnv4, ServerEnv5
10.2.4          ServerEnv1, ServerEnv3, ServerEnv4, ServerEnv5
10.2.5a         ServerEnv1, ServerEnv4, ServerEnv5
10.2.5b         ServerEnv5
10.2.5c         ServerEnv5

Here is the exact output will come up.
If I choose

ServerEnv1 on the first dropdown list   then 2nd dropdown list, the default will be is 10.2.3, 10.2.4 and 10.2.5a
ServerEnv2 on the first dropdown list then 2nd dropdown list, the default will be 10.2.2
ServerEnv3 on the first dropdown list then 2nd dropdown list, the default will be 10.2.2(SQ01), 10.2.2(SQ03)
ServerEnv4 on the first dropdown list then on the 2nd dropdown list, the default will be 10.2.2, 10.2.3, 10.2.4, and 10.2.5a
ServerEnv5 on the first dropdown list, then on the 2nd dropdown list, the default will be 10.2.2, 10.2.3, 10.2.4, 10.2.5a, 10.2.5b, 10.2.5c

Hoping you can correct my code. Thanks in advance

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...